/V1/AutoXssAnalyzer/XAUserInterface.cs
C# | 312 lines | 253 code | 47 blank | 12 comment | 45 complexity | 1dd53e055d616fd87590a243b7c78e72 MD5 | raw file
Possible License(s): BSD-3-Clause
- using System;
- using System.Collections.Generic;
- using System.ComponentModel;
- using System.Drawing;
- using System.Data;
- using System.Text;
- using System.Windows.Forms;
- using Fiddler;
- using Casaba;
- public partial class XAUserInterface : UserControl {
-
- //Delegate's to handle updating the DataGridView due to the "Creation thread" constraints.
- public delegate void AddRow(List<ResponseResult> matches);
- public AddRow ar;
- public delegate void SetColumnAutoSort();
- public SetColumnAutoSort scas;
- //Instance variables..
- SortableBindingList<ResponseResult> matches;
-
- public XAUserInterface(XssAnalyzerEngine xa) {
- InitializeComponent();
- this.matches = new SortableBindingList<ResponseResult>();
- this.xa = xa;
- SetState();
- //Adding the default canary...
- string canary = XssUtilities.UnescapeUnicodeCodePoints("\uFF21\uFF22\uFF23\uFF11\uFF12\uFF13");
- xa.Settings.canary = canary;
- this.tbCanary.Text = xa.Settings.canary;
- this.tbCanary.Enabled = false;
-
- this.lbDomainFilters.DataSource = xa.Settings.domainFilters;
- this.dataGridView1.DataSource = this.matches;
- //Delegate method to ensure when adding data to the datasource it origanates from the creating thread.
- ar = new AddRow(AddRowMethod);
- this.dataGridView1.Columns[1].Width = this.dataGridView1.Width - this.dataGridView1.Columns[0].Width - this.dataGridView1.RowHeadersWidth - 2;
- //Set columns to sortable
- this.scas = new SetColumnAutoSort(setColumnAutoSort);
- this.Dock = DockStyle.Fill;
- //Pre populate Special Chars..
- this.xa.Settings.specialChars = XssUtilities.UnescapeUnicodeCodePoints("\uFF1C\uFF1E\uFF02\uFF07\u00AB\u2A74\uFE13\uFE55\uFE64\uFE65");
- this.sCharTxtBox.Text = xa.Settings.specialChars;
- this.xa.Settings.scc = SpecialCharsContainer.Create(this.xa.Settings.specialChars);
- }
- public void setColumnAutoSort() {
- for (int i = 0; i < this.dataGridView1.Columns.Count; i++) {
- this.dataGridView1.Columns[i].SortMode = DataGridViewColumnSortMode.Automatic;
- }
- }
- private void SetState() {
- if(this.xa.Settings.Enabled){
- this.chkbEnabled.Checked = true;
- this.chkbEnabled.Enabled = true;
- }
- if (this.xa.Settings.checkRequestForCanary) {
- this.chkbCheckRequestCanary.Checked = true;
- }
-
- if (this.xa.Settings.enabledAutoGen){
- this.chkbAutoGenSC.Checked = true;
- }
-
- if (this.xa.Settings.injectIntoQueryString) {
- this.chkbInjectQueryParam.Checked = true;
-
- }
- if (this.xa.Settings.injectIntoPost)
- {
- this.chkbAutoInjectPost.Checked = true;
- }
-
- if (this.xa.Settings.filterRequests) {
- this.chkbFilterReq.Checked = true;
-
- }
- if (this.xa.Settings.filterResponse) {
- this.chkbFilterRes.Checked = true;
-
- }
- if (this.xa.Settings.domainFilterEnabled) {
- this.chkbEnableDomainFilter.Checked = true;
-
- }
- if (this.xa.Settings.urlEncodeQueryStringParams) {
- this.chkbEncodeQueryStringParam.Checked = true;
- }
-
-
- this.sCharTxtBox.Text = this.xa.Settings.specialChars;
- }
- public void ClearMatchListMethod() {
- this.matches.Clear();
- }
- //This delegate method is used to ensure that the Datagridview is updated via the thread that created it.
- public void AddRowMethod(List<ResponseResult> matches) {
- foreach (ResponseResult m in matches) {
- if (!this.matches.Contains(m)) {
- this.matches.Add(m);
- }
- }
- }
- private void enabledChkBox_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbEnabled.Checked) {
- this.xa.Settings.Enabled = true;
- this.chkbAutoGenSC.Enabled = true;
- this.chkbAutoInjectPost.Enabled = true;
- this.chkbCheckRequestCanary.Enabled = true;
- this.chkbEnableDomainFilter.Enabled = true;
- this.chkbInjectQueryParam.Enabled = true;
- this.chkbEncodeQueryStringParam.Enabled = true;
- } else {
- this.xa.Settings.Enabled = false;
- this.chkbAutoGenSC.Enabled = false;
- this.chkbAutoInjectPost.Enabled = false;
- this.chkbCheckRequestCanary.Enabled = false;
- this.chkbEnableDomainFilter.Enabled = false;
- this.chkbFilterReq.Enabled = false;
- this.chkbFilterRes.Enabled = false;
- this.chkbInjectQueryParam.Enabled = false;
- this.chkbEncodeQueryStringParam.Enabled = false;
- }
- }
- public void refreshBindings(){
- BindingManagerBase bmb = this.dataGridView1.BindingContext[this.xa.Matches];
- bmb.SuspendBinding();
- bmb.ResumeBinding();
- }
- private void dataGridView1_RowEnter(object sender, DataGridViewCellEventArgs e) {
- this.richTextBox1.Text = "Can't jump to location..";
- ResponseResult res = matches[e.RowIndex];
- Fiddler.Session[] sessions = Fiddler.FiddlerApplication.UI.GetAllSessions();
- Fiddler.Session targetSession = null;
- int tSessionIndex = -1;
- //Locate the session object and it's index..
- for (int i = 0; i < sessions.Length; i++) {
- if (sessions[i].id == res.Match.SessionId) {
- targetSession = sessions[i];
- tSessionIndex = i;
- break;
- }
- }
- if (targetSession == null || tSessionIndex == -1) {
- //ouch, no jump for this session ;(
- return;
- }
- //Jump to fiddler session in the right box.
- FiddlerApplication.UI.lvSessions.SelectedItems.Clear();
- FiddlerApplication.UI.lvSessions.Items[tSessionIndex].Focused = true;
- FiddlerApplication.UI.lvSessions.Items[tSessionIndex].Selected = true;
- //Dump text to textbox and bail.
- string headers = targetSession.oResponse.headers.ToString();
- string body = Encoding.UTF8.GetString(targetSession.responseBodyBytes);
- this.richTextBox1.Text = headers + "\r\n\r\n" + body;
- //Lets see if we can jump to the proper place in the RichTextBox to highlihgt the location for quicker inspection.
- int offset = 0;
- if (res.Match is HeaderMatch) {
- HeaderMatch hm = (HeaderMatch)res.Match;
- offset = headers.IndexOf(hm.HeaderName) + hm.HeaderName.Length + 2; //+2 to cover the : and space..
- offset += res.Match.Offset;
- } else if (res.Match is BodyMatch) {
- BodyMatch bm = (BodyMatch)res.Match;
- offset = headers.Length + 4 + bm.Offset;
- }
- if (offset - 20 > 0 && offset + 20 < headers.Length + 4 + body.Length) {
- this.richTextBox1.Select(offset - 20, 40);
- this.richTextBox1.SelectionColor = Color.Red;
- this.richTextBox1.ScrollToCaret();
- }
- }
- private void clearBtn_Click(object sender, EventArgs e) {
- this.matches.Clear();
- this.xa.Matches.Clear();
- this.matches = new SortableBindingList<ResponseResult>();
- this.dataGridView1.DataSource = this.matches;
- this.richTextBox1.Text = "";
- }
- private void enableSCharChkBox_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbAutoGenSC.Checked == true) {
- this.xa.Settings.enabledAutoGen = true;
-
- } else {
- this.xa.Settings.enabledAutoGen = false;
-
- }
- }
- private void sCharTxtBox_TextChanged(object sender, EventArgs e) {
- this.xa.Settings.specialChars = this.sCharTxtBox.Text;
- this.xa.Settings.scc = SpecialCharsContainer.Create(this.xa.Settings.specialChars);
- }
-
- private void chkbInjectQueryParam_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbInjectQueryParam.Checked) {
- this.xa.Settings.injectIntoQueryString = true;
- } else {
- this.xa.Settings.injectIntoQueryString = false;
- }
- }
- private void btnAddToDomainFilterList_Click(object sender, EventArgs e) {
- if (this.tbDomain.Text != "") {
- this.xa.Settings.domainFilters.Add(this.tbDomain.Text);
- this.tbDomain.Text = "";
- BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
- bmb.SuspendBinding();
- bmb.ResumeBinding();
- }
- }
- private void btnRemoveDomainFilter_Click(object sender, EventArgs e) {
- if (this.lbDomainFilters.SelectedIndex >= 0) {
- string s = this.xa.Settings.domainFilters[this.lbDomainFilters.SelectedIndex];
- this.tbDomain.Text = s;
- this.xa.Settings.domainFilters.Remove(s);
- BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
- bmb.SuspendBinding();
- bmb.ResumeBinding();
- }
- }
- private void btnClrDomainList_Click(object sender, EventArgs e) {
- this.xa.Settings.domainFilters.Clear();
- BindingManagerBase bmb = this.lbDomainFilters.BindingContext[this.xa.Settings.domainFilters];
- bmb.SuspendBinding();
- bmb.ResumeBinding();
- }
- private void chkbFilterReq_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbFilterReq.Checked) {
- this.xa.Settings.filterRequests = true;
- } else {
- this.xa.Settings.filterRequests = false;
- }
- }
- private void chkbFilterRes_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbFilterRes.Checked) {
- this.xa.Settings.filterResponse = true;
- } else {
- this.xa.Settings.filterResponse = false;
- }
- }
- private void chkbEnableDomainFilter_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbEnableDomainFilter.Checked) {
- this.xa.Settings.domainFilterEnabled = true;
- this.chkbFilterReq.Enabled = true;
- this.chkbFilterRes.Enabled = true;
- } else {
- this.xa.Settings.domainFilterEnabled = false;
- this.chkbFilterReq.Enabled = false;
- this.chkbFilterRes.Enabled = false;
- }
- }
- private void exportBtn_Click(object sender, EventArgs e) {
- }
- private void chkbEncodeQueryStringParam_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbEncodeQueryStringParam.Checked) {
- this.xa.Settings.urlEncodeQueryStringParams = true;
- } else {
- this.xa.Settings.urlEncodeQueryStringParams = false;
- }
- }
- private void clearBtn_Click_1(object sender, EventArgs e) {
- this.matches.Clear();
- this.xa.Matches.Clear();
- this.matches = new SortableBindingList<ResponseResult>();
- this.dataGridView1.DataSource = this.matches;
- this.richTextBox1.Text = "";
- }
- private void chkbAutoInjectPost_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbAutoInjectPost.Checked) {
- this.xa.Settings.injectIntoPost = true;
- } else {
- this.xa.Settings.injectIntoPost = false;
- }
- }
- private void chkbCheckRequestCanary_CheckedChanged(object sender, EventArgs e) {
- if (this.chkbCheckRequestCanary.Checked) {
- this.xa.Settings.checkRequestForCanary = true;
- } else {
- this.xa.Settings.checkRequestForCanary = false;
- }
- }
- private void dataGridView1_CellDoubleClick(object sender, DataGridViewCellEventArgs e) {
- FiddlerApplication.UI.actInspectSession();
- }
- }